This sounds like a very expensive way to do things, given that you will
have to redo the checksum for each mungled packet.
What is wrong with fwmark?
cheers,
jamal
On Thu, 9 Nov 2000, Matthew G. Marsh wrote:
>
> As I hinted in one of the emails discussing the ingres queue I have a
> cheap hack using NetFilter to set the TOS field of a packet. I cleaned it
> up a bit so it will use the Patch-O-Matic.
>
> Basically you untar it in the /usr/src/netfilter/ directory then change
> into userspace and make patch-o-matic. Select the ftos patch.
>
> What this does is provides a new target called FTOS that takes an
> argument.
>
> iptables -t mangle -A PREROUTING { selections } -j FTOS --set-ftos <value>
>
> Where <value> is a number from 0-255 decimal or 0x0 - oxff hex
>
> This value is then placed into the TOS field within the packet. Then you
> can use ip rule or egress to take action on the packet from there.
>
> You can also set this to use the OUTPUT chain thus setting the TOS field
> on output from localhost.
>
> Note that this makes no attempt to check on the current value of the TOS
> field or to split the field up into DiffServ etc. It just sets the field
> to the value you put on the command line.
>
> BTW - it makes a great testing utility for sending packets with known TOS
> values...
>
> HTH!
>
> --------------------------------------------------
> Matthew G. Marsh, President
> Paktronix Systems LLC
> 1506 North 59th Street
> Omaha NE 68104
> Phone: (402) 932-7250
> Email: mgm@paktronix.com
> WWW: http://www.paktronix.com
> --------------------------------------------------
>
>
>